#!/bin/bash | |
# Reads a gitleaks report and displays the surrounding code from the offending commits
# Usage: gl-reporter.sh [--repo <path>] [--report <path>] [--lines <number>] | |
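#######################################
# Print the usage text and exit.
# Arguments: $1 - exit status (default 0). A non-zero status means the help is
#                 being shown because of a usage error, so the text is sent to
#                 stderr instead of stdout and the script exits with that status.
# Outputs:   usage text on stdout (status 0) or stderr (non-zero status)
#######################################
show_help() {
  local status=${1:-0}
  local fd=1
  # Usage shown on an error path must not pollute captured stdout.
  if [ "$status" -ne 0 ]; then
    fd=2
  fi
  {
    printf "\e[1m%s\e[0m%s\n" "Usage: " "$0 [--repo <path>] [--report <path>] [--lines <number>]"
    printf '\n'
    printf '%s\n' "Reads a gitleaks report and displays the surrounding code from the offending commits"
    printf '\n'
    printf '%s\n' "Options:"
    printf '%s\n' "  --repo <path>     Path to local git repo"
    printf '%s\n' "  --report <path>   Path to the gitleaks report file in JSON format"
    printf '%s\n' "  --lines <number>  Number of lines of surrounding code to display (default: 5)"
    printf '%s\n' "  --help            Show this help"
    printf '\n'
    printf "\e[1m%s\e[0m%s\n" "Requirements:" " git, jq"
  } >&"$fd"
  exit "$status"
}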
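# Set defaults
lines=5
repo=
report_path=

# Parse arguments. Every option takes exactly one value. An option given as the
# last word used to make `shift 2` fail silently (bash shifts nothing when the
# count exceeds $#), leaving "$1" untouched and looping forever, so the
# argument count is checked before the value is consumed.
while [ $# -gt 0 ]; do
  case "$1" in
    --repo | --report | --lines)
      if [ $# -lt 2 ]; then
        printf 'Option %s requires a value\n' "$1" >&2
        show_help 1
      fi
      case "$1" in
        --repo) repo=$2 ;;
        --report) report_path=$2 ;;
        --lines) lines=$2 ;;
      esac
      shift 2
      ;;
    --help)
      show_help
      ;;
    *)
      printf 'Unknown argument: %s\n' "$1" >&2
      show_help 1
      ;;
  esac
done

# --lines feeds shell arithmetic; reject anything that is not a whole number
if [[ ! "$lines" =~ ^[0-9]+$ ]]; then
  printf -- '--lines must be a non-negative integer, got: %s\n' "$lines" >&2
  exit 1
fi

# Check for repo
if [ -z "$repo" ]; then
  printf 'No repo specified\n' >&2
  show_help 1
fi
# Check repo is a directory with a .git entry (a directory for a normal clone,
# a file for worktrees and submodules)
if [ ! -d "$repo" ] || [ ! -e "$repo/.git" ]; then
  printf 'Repo is not a directory or does not contain a .git entry\n' >&2
  exit 1
fi

# Check for report file
if [ -z "$report_path" ]; then
  printf 'No report file specified\n' >&2
  show_help 1
fi
if [ ! -r "$report_path" ]; then
  printf 'Report file is not readable: %s\n' "$report_path" >&2
  exit 1
fi

# Check for git
if ! command -v git >/dev/null 2>&1; then
  printf "\e[1m%s\e[0m\n" "git not installed" >&2
  exit 1
fi
# Check for jq
if ! command -v jq >/dev/null 2>&1; then
  printf "\e[1m%s\e[0m\n" "jq not installed" >&2
  exit 1
fi

# Parse the report once with jq. The previous newline-stripping and
# backslash-doubling pre-pass is gone: doubling turned every `\"` inside a
# JSON string into `\\"`, which ends the string early and made jq reject
# otherwise valid reports (gitleaks Match/Secret fields often contain quotes).
if ! report=$(jq -c '.' "$report_path"); then
  printf 'Could not parse report as JSON: %s\n' "$report_path" >&2
  exit 1
fi
if ! jq -e 'type == "array"' <<<"$report" >/dev/null; then
  printf 'Report is not a JSON array of findings: %s\n' "$report_path" >&2
  exit 1
fi
# Get array length
length=$(jq 'length' <<<"$report") || exit 1

# Note: the printed context contains the leaked secret itself; keep this
# output out of shared logs and CI artifacts.

# Loop through array of leak objects
for ((i = 0; i < length; i++)); do
  # Pull the fields for entry i; --argjson keeps the index out of the filter text
  commit=$(jq -r --argjson i "$i" '.[$i].Commit' <<<"$report") || exit 1
  file=$(jq -r --argjson i "$i" '.[$i].File' <<<"$report") || exit 1
  start_line=$(jq -r --argjson i "$i" '.[$i].StartLine' <<<"$report") || exit 1
  end_line=$(jq -r --argjson i "$i" '.[$i].EndLine' <<<"$report") || exit 1
  description=$(jq -r --argjson i "$i" '.[$i].Description' <<<"$report") || exit 1

  # Report values go straight to git and to shell arithmetic. An entry whose
  # key fields are not in the shape gitleaks writes is skipped with a warning
  # rather than letting a stray value become a git option or an arithmetic error.
  if [[ ! "$commit" =~ ^[0-9a-fA-F]{7,64}$ ]]; then
    printf 'Skipping entry %d: Commit is not a hex object id (%s)\n' "$i" "$commit" >&2
    continue
  fi
  if [ -z "$file" ] || [ "$file" = "null" ]; then
    printf 'Skipping entry %d: missing File\n' "$i" >&2
    continue
  fi
  if [[ ! "$start_line" =~ ^[0-9]+$ || ! "$end_line" =~ ^[0-9]+$ ]]; then
    printf 'Skipping entry %d: StartLine/EndLine are not numeric (%s/%s)\n' \
      "$i" "$start_line" "$end_line" >&2
    continue
  fi

  # Widen the range by the requested context. git -L rejects a start below 1
  # and an end past the last line of the file at that commit, so clamp both;
  # grep -c '' counts a final line that lacks a trailing newline, wc -l does not.
  start_line=$((start_line - lines))
  if ((start_line < 1)); then
    start_line=1
  fi
  end_line=$((end_line + lines))
  total=$(git -C "$repo" show "$commit:$file" 2>/dev/null | grep -c '')
  if ((total > 0 && end_line > total)); then
    end_line=$total
  fi

  # Get surrounding code: keep only the added lines of the -L diff, minus the
  # "+++ b/<file>" header, and strip the leading marker. A failure here is
  # reported and the remaining entries are still processed.
  if ! code=$(git -C "$repo" log -L "$start_line,$end_line:$file" "$commit" \
    | sed -n '/^+++ /!s/^+//p'); then
    printf 'Skipping entry %d: git log -L failed for %s@%s\n' "$i" "$file" "$commit" >&2
    continue
  fi

  # Print leak details
  printf "\e[1m%s\e[0m\n" "----------------------------------------"
  printf "\e[1m%s\e[0m %s\n" "Description:" "$description"
  printf "\e[1m%s\e[0m %s\n" "Commit:" "$commit"
  printf "\e[1m%s\e[0m %s\n" "File:" "$file"
  printf "\e[1m%s\e[0m %s\n" "Lines:" "$start_line-$end_line"
  printf '%s\n' "$code"
  printf "\e[1m%s\e[0m\n" "----------------------------------------"
  printf '\n'
done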